Crash in shutdownhang | memcpy | nsTSubstring<T>::Assign | mozilla::net::nsStandardURL::GetScheme

RESOLVED FIXED in Firefox 66

Status

defect
P1
critical
RESOLVED FIXED
6 months ago
6 months ago

People

(Reporter: philipp, Assigned: baku)

Tracking

({crash, regression})

66 Branch
mozilla66

Firefox Tracking Flags

(firefox-esr60 unaffected, firefox64 unaffected, firefox65 unaffected, firefox66 fixed)

Attachments

(1 attachment)

This bug is for crash report bp-c5047a16-0ceb-44d3-aeed-748af0190125.

Top 10 frames of crashing thread:

0 xul.dll memcpy 
1 xul.dll nsTSubstring<char>::Assign xpcom/string/nsTSubstring.cpp:412
2 xul.dll mozilla::net::nsStandardURL::GetScheme netwerk/base/nsStandardURL.cpp:1349
3 xul.dll mozilla::net::nsIOService::ProtocolHasFlags netwerk/base/nsIOService.cpp:1506
4 xul.dll mozilla::net::nsIOService::URIChainHasFlags netwerk/base/nsIOService.cpp:1523
5 xul.dll NS_URIChainHasFlags netwerk/base/nsNetUtil.cpp:2045
6 xul.dll mozilla::BasePrincipal::CreateCodebasePrincipal caps/BasePrincipal.cpp:379
7 xul.dll mozilla::BasePrincipal::CloneStrippingUserContextIdAndFirstPartyDomain caps/BasePrincipal.cpp:455
8 xul.dll nsPermissionManager::GetAllWithTypePrefix extensions/cookie/nsPermissionManager.cpp:2644
9 xul.dll nsPermissionManager::GetEnumerator extensions/cookie/nsPermissionManager.cpp:2598

After nightly build 20190124104034, Firefox with my main profile is getting consistently stuck after closing the application. The processes keep on running and gobbling up memory until a shutdownhang is getting triggered - always ending up in a different crash report signature.
Out of the changes from the pushlog for this build, bug 1521051 seems like the most likely regressor: https://mzl.la/2Rap4Tr

(I also get logged out from some websites upon the next browser startup, which I assume might be related.)

I can provide some files from my affected profile in order to reproduce the problem in case it helps fixing the bug.

Assignee: nobody → amarchesini
Attachment #9039045 - Flags: review?(jhofmann)
Comment on attachment 9039045
permission.patch

Review of attachment 9039045:
-----------------------------------------------------------------

Hah, oh, man, I knew there were some of those profiles. It's good that we caught this in Nightly!

Are we "fuzzing" our code base with random permission db entries (or just a single invalid entry for all permissions)? Might be worth it.

Thanks!
Attachment #9039045 - Flags: review?(jhofmann) → review+
Priority: -- → P1
Status: NEW → ASSIGNED
Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/fa81629b009a
Unsupported permission values should be ignored by Sanitizer.jsm, r=johannh
Status: ASSIGNED → RESOLVED
Closed: 6 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla66